Privacy Policy

Privacy Policy
Last updated: 10 June 2025

At Gray Corporate Finance Limited (“we”, “us”, or “our”), we are committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, and protect your personal data when you visit our website or engage with our corporate finance services, in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who We Are

Gray Corporate Finance Limited
Company Number: 16405014
Registered Office: 32 Eyre Street, Sheffield, S1 4QZ
Email: enquiries@graycf.co.uk

We are a corporate finance advisory firm offering services to businesses including mergers and acquisitions, fundraising, valuations, and strategic financial advice.

2. What Information We Collect

We may collect and process the following categories of personal data:

  • Identity Data: Name, title, job title.

  • Contact Data: Email address, phone number, postal address.

  • Business Data: Company name, role, financial details relevant to our services.

  • Technical Data: IP address, browser type and version, time zone setting, and browsing behaviour on our site.

  • Marketing and Communication Data: Preferences in receiving marketing from us and communication preferences.

We do not knowingly collect personal data from children under 16 years of age.

3. How We Collect Your Data

We collect your data through:

  • Direct interactions (e.g. via contact forms, email, phone calls).

  • Use of our website (cookies and analytics).

  • Professional networking and referrals.

  • Publicly available sources (e.g. Companies House, LinkedIn).

4. How We Use Your Personal Data

We use your data only where permitted by law. Common uses include:

  • To respond to enquiries and deliver our services.

  • To manage our relationship with you.

  • To carry out our contractual obligations.

  • To comply with legal or regulatory obligations.

  • To send relevant updates or marketing communications (only where we have your consent or a legitimate interest).

5. Legal Bases for Processing

We process your personal data on the following legal grounds:

  • Consent – where you have given clear permission.

  • Contractual necessity – where processing is necessary for a contract.

  • Legal obligation – where we are required to comply with legal requirements.

  • Legitimate interests – where we have a business reason to process your data, and your rights and interests do not override these.

6. Disclosure of Your Personal Data

We may share your personal data with:

  • Service providers (e.g. IT, email hosting, CRM platforms).

  • Professional advisers (e.g. lawyers, accountants).

  • Regulatory authorities if legally required.

  • Prospective buyers, partners or investors (as part of business development or transactions, where appropriate and lawful).

We require all third parties to respect the security of your data and to process it in accordance with the law.

7. International Transfers

We will not transfer your data outside of the EEA without your permission.

8. Data Security

We have put in place appropriate security measures to prevent your data from being lost, used or accessed in an unauthorised way. We also limit access to your data to employees, agents, contractors and third parties on a need-to-know basis.

9. Data Retention

We will retain your data only as long as necessary to fulfil the purposes we collected it for, including satisfying legal, accounting, or reporting requirements. Typically:

  • Enquiries: up to 3 years after last contact.

  • Clients: up to 7 years after the end of the business relationship (to meet legal and tax obligations).

10. Your Legal Rights

Under the UK GDPR, you have rights including:

  • Access – to request access to your personal data.

  • Correction – to request correction of inaccurate or incomplete data.

  • Erasure – to request deletion of your data.

  • Objection – to object to processing based on legitimate interests.

  • Restriction – to request restriction of processing.

  • Data portability – to receive your data in a structured, commonly used format.

  • Withdraw consent – where processing is based on your consent.

To exercise any of these rights, please contact us at: enquiries@graycf.co.uk

You also have the right to complain to the Information Commissioner’s Office (ICO) at www.ico.org.uk.

11. Cookies

Our website uses cookies to distinguish you from other users and improve your browsing experience. For more information, please refer to our Cookie Policy.

12. Changes to This Policy

We may update this policy from time to time. Any changes will be posted on this page, with the date of the latest update shown at the top.

Contact Us
If you have any questions about this privacy policy or our data practices, please contact:
Data Protection Officer
Email: enquiries@graycf.co.uk
Address: 32 Eyre Street, Sheffield, S1 4QZ